Lecture 3

Classical Ciphers (Monoalphabetic)

, Number Theory and Cryptanalysis
Cryptology
 Cryptology
• Cryptography
• The art and science of keeping message secure, is called
cryptography
• Cryptography comes from Greek and it means hidden/secret
(crypto) and writing (graphy)
• Cryptanalysis
• The art and science of breaking ciphertext: that is seeing through
disguise (without the knowledge of key)
• Cryptology
• The branch of mathematics surrounding both cryptography and
cryptanalysis is Cryptology. Its practitioners are Cryptologists
 Messages and Encryption
• Encryption
• The original message is called Plaintext
• The process of masking a message in such a way to hide its
substance, is called Encryption
• The Encryption is done using the specified key: C = E K(P) or E(K, P)
• The encrypted message is called Ciphertext
• Decryption
• The mathematical function mapping ciphertext to plaintext using
the specified key: P = DK(C) or D(K, Y) = EK-1(C)

C = EK(P) P = DK(C)

P C C P
 Algorithms and Keys
• Cipher
• A cryptographic algorithm is called a cipher. It is a
mathematical function used for both encryption and
decryption
• Key & Key Space
• The security of modern cryptosystem is based on a Key:
which could be one of any large values.
• The range of possible key values is called the Key Space
• Both encryption and decryption depends upon the Key
• Given a key, every possible plaintext must result in a unique
ciphertext—if not – decryption would not be unambiguously
possible
Some Basic Terminology
• plaintext - original message
• ciphertext - coded message
• cipher - algorithm for transforming plaintext to ciphertext
• key - info used in cipher known only to sender/receiver
• encipher (encrypt) - converting plaintext to ciphertext
• decipher (decrypt) - recovering plaintext from ciphertext
• cryptography - study of encryption principles/methods
• cryptanalysis (codebreaking) - study of principles/ methods
of deciphering ciphertext without knowing key
• cryptology - field of both cryptography and cryptanalysis
 Cryptosystem
A cryptosystem is a five-tuple (P, C, K, E, D), where following
conditions are satisfied :
1. P is a finite set of possible plaintexts
2. C is a finite set of possible ciphertexts
3. K, the keyspace, is a finite set of possible keys
4. For each K  K, there is an encryption algorithm EK  E and
a corresponding decryption algorithm DK  D. Each EK : P 
C and DK : C  P are functions such that DK(EK(X)) = X for
every plaintext X  P.
Cryptosystem
Cryptanalysis
• Process of attempting to discover Plaintext (P) or Key (K) or both.
• Various types of cryptanalytic attacks
Classification of Attacks
• Ciphertext only
The attacker has access only to the ciphertext of several messages
encrypted through same encryption scheme. The knowledge of the
plaintext is minimal.
His job is to find plaintext, or key or the algorithm.

Known
C1=Ek(P1), C2=Ek(P2),……, CJ=Ek(PJ)

To be Known
P1, P2, P3,……., Pj OR An algorithm OR Key (K)
Classification of Attacks
• Known Plaintext
The attacker has access to the plaintext as well as to their corresponding
ciphertext. He intends to find plaintext, or key or the algorithm.

Known
P1,C1=Ek(P1), P2,C2=Ek(P2),……, PJ, CJ=Ek(PJ)

To be Known
An algorithm OR Key (K) to get P1, P2, P3,……., Pj
Classification of Attacks
• Chosen-Plaintext
The attacker has access to the plaintext as well as to their corresponding
ciphertext and also he has ability to encrypt texts of his own choice. That is
possible when an encryption box embedded with a secure key comes in
the hands of attacker or the attacker can send his own plaintexts to the
owner of the secret key to decrypt. His job is to deduce either algorithm or
key to get plaintexts.

Known
P1,C1=Ek(P1), P2,C2=Ek(P2),……, PJ, CJ=Ek(PJ)
(attacker can choose P1, P2, ….,Pj,)

To be Known
An algorithm OR Key (K) to get P1, P2, P3,……., Pj
Classification of Attacks
• Adaptive Chosen-Plaintext attack
This is a special case of chosen plaintext attack which makes the attacker to
have even more active actions because he can modify his choices of
encrypted texts based on the previous results. He can choose a smaller
block of plaintext, then another based on the results of previous one and
so forth.

Known
P1,C1=Ek(P1), P2,C2=Ek(P2),……, PJ, CJ=Ek(PJ)
(attacker can choose P1, P2, ….,Pj, & Length of Pj is not fixed)

To be Known
An algorithm OR Key (K) to get P1, P2, P3,……., Pj
Classification of Attacks
• Chosen-Ciphertext attack
In contrast to chosen plaintext attack, here an attacker can choose
different ciphertexts to be decrypted and he has access to the decrypted
plaintexts. The attacker has access to a decryption box or can send to the
owner his ciphertexts to decrypt. His job is to deduce the key.

Known
C1,P1=Dk(C1), C2,P2=Dk(C2),……, CJ, PJ=Dk(CJ)
(attacker can choose C1, C2, ….,Cj)

To be Known
Key (K)
Brute Force Search
• always possible to simply try every key
• most basic attack, proportional to key size
• assume either know / recognise plaintext

Key Size (bits) Number of Alternative Time required at 1 Time required at 106
Keys decryption/µs decryptions/µs
32 232 = 4.3  109 231 µs = 35.8 minutes 2.15 milliseconds
56 256 = 7.2  1016 255 µs = 1142 years 10.01 hours
128 2128 = 3.4  1038 2127 µs = 5.4  1024 years 5.4  1018 years

168 2168 = 3.7  1050 2167 µs = 5.9  1036 years 5.9  1030 years

26 characters 26! = 4  1026 2  1026 µs = 6.4  1012 years 6.4  106 years
(permutation)
More Definitions
• unconditional security
• no matter how much computer power or time is available, the cipher
cannot be broken since the ciphertext provides insufficient information
to uniquely determine the corresponding plaintext
• computational security
• given limited computing resources (eg time needed for calculations is
greater than age of universe), the cipher cannot be broken
Symmetric Cipher Model
Symmetric Encryption
• or conventional / private-key / single-key
• sender and recipient share a common key
• all classical encryption algorithms are private-key
• was only type prior to invention of public-key in 1970’s
• and by far most widely used
 1. Shift Cipher

Let plaintext (p) = wewillmeetatmidnight

We first convert the plaintext string into integers. The rule is:
a<->0, b<->1, c<->2, d<->3, e<->4, f<->5, g<->6, h<->7, i<->8,
j<->9, k<->10, l<->11, m<->12,n<->13, o<->14, p<->15,q<->16,
r<->17, s<->18, t<->19, u<->20, v<->21, w<->22, x<->23,
y<->24, z<->25
w e w i l l m e e t a t m i d n i g h t

22 4 22 8 11 11 12 4 4 19 0 19 12 8 3 13 8 6 7 19
Let K=11, we add 11 to each value, reducing each sum modulo 26, we get ciphertext
7 15 7 19 22 22 23 15 15 4 11 4 23 19 14 24 19 17 18 4
H P T T W W X P P E L E X T O Y T R S E
 1. Shift Cipher
For a particular Key k=3, the cryptosystem is often called the
Caesar Cipher (Roman Empire, 2000 years ago )

0123456...
Plain: abcdefghijklmnopqrstuvwxyz
Cipher: DEFGHIJKLMNOPQRSTUVWXYZABC
3456789...

Plain: meet me after the toga party

Cipher: PHHW PH DIWHU WKH WRJD SDUWB
Cryptanalysis of Shift Cipher
• Shift cipher (modulo 26) is not
secure, since it can be
cryptanalyzed by brute force
attack
• There are only 25 keys to try, until
a meaningful plaintext string is
obtained
• On average, a plaintext will be
computed using 26/2=13
decryption rules

- Plain: meet me after the toga

party
– Cipher: PHHW PH DIWHU
WKH WRJD SDUWB
 2. The Substitution Cipher

Example:

Plaintex: s u b s t i t u t i o n
Ciphertext:V U N V M Z M U M Z F S
Relative frequency distributions
(English & ciphertext)
3. The Affine Cipher

Suppose K=(7,3), We can calculate 7-1 mod 26=15, the encryption formula becomes:
eK (x)=7*x + 3 mod 26
And the corresponding decryption function id
dk(y)= 15 (y-3) = 15 y - 19
Example: Encrypt “ hot”  7, 14, 19
(7 x 7 + 3) mod 26 = 52 mod 26 = 0
7x14 + 3) mod 26 =101 mod 26=23
(7x19 + 3) mod 26 -= 136 mod 26=6 0,23,6  AXG
 Mathematical
Background and
Number Theory
 Group
A group (G, *) is a set G with a binary operation * that satisfies the following
four axioms:

1. Closure : For all a, b in G, the result of a * b is also in G.

2. Associatively: For all a, b and c in G, (a * b) * c = a * (b * c).
3. Identity element : There exists an element e in G such that for all a in
G, e * a = a * e = a.
4. Inverse element: For each a in G, there exists an element b in G such
that a * b = b * a = e, where e is an identity element

Examples:
• The set Zm, with the operation of addition modulo m, forms a group of order m
• The set Zm with the operation of multiplication modulo m is not a group, since
not all elements have multiplicative inverses
 Ring
A ring is a set R equipped with two binary operations called + (addition) and
× multiplication, such that:

(R, +) is an abelian group with identity element 0:

1. (a + b) + c = a + (b + c)
2. 0 + a = a + 0 = a
3. a + b = b + a
4. For every a in R, there exists an element denoted −a, such
that a + −a = −a + a = 0
(R, ×) is a moniod with identity element 1:
5. (a × b) × c = a× (b× c)
6. 1× a = a×1 = a
Multiplication distributes over addition:
7. a × (b + c) = (a× b) + (a × c)
8. (a + b) × c = (a × c) + (b × c)
Examples:
• The rational, real and complex numbers form rings (in fact,
they are even fields). These are likewise commutative rings
Arithmetic modulo m
The integer modulo m, denoted by Zm is the set of
integers {0,1,2,..,m-1} where addition, subtraction
and multiplication is performed modulo m.

Examples: Z25 ≡ {0,1,2,…..,24}

In Z25,
13 + 16 =4, since 13+16=29≡4 (mod 25)

Similarly

In Z25,
13.16 =8, since 13.16=208≡8 (mod 25)
 Arithmetic modulo m

Since additive inverse exists in Zm, we can also subtract elements in Zm

We define a – b in Zm to be (a - b) mod m. i-e we compute the integer
a – b and reduce it modulo m

• Example: To compute 11 -18 in Z32, we first subtract 18 from 11,

obtaining -7 and then compute -7 mod 32=24
 Congruences

Examples:

(1) 24 ≡ 9 (mod 5) since 24-9=3.5

(2) -11 ≡ 17 (mod 7) since -11-17=-4.7

To compute 101 mod 7

To compute -101 mod 7
We write:
We write:
101=7 × 14 + 3
101=7 × (-15) + 4
Since:
Since:
0≤3≤6
0≤4≤6
It follows:
It follows:
101 mod 7=3
-101 mod 7=4
Euclidean algorithm

m,n Euclidean gcd(m,n)

Algorithm

gcd(m, n)
x = m, y = n
while(y > 0)
r = x mod y
x=y
y=r
return x
Euclidean algorithm

Example The following are the division

steps for computing gcd(12345, 11111) = 1:

12345 = 1*11111 + 1234

11111 = 9*1234 + 5
1234 = 246*5 + 4
5 = 1*4 + 1
4 = 4*1 + 0
Extended Euclidean
Algorithm
1. The Extended Euclidean algorithm not only computes
gcd(a,b), but also returns the numbers n and s such that
gcd(a,b)=n*a + s*b
2. If gcd(n,m)=1 this solves the problem of computing modular
inverses
3. The extended Euclidean algorithm works the same as the
regular Euclidean algorithm except that we keep track of
more details –namely the quotient q = x/y in addition to the
remainder r = x mod y. This allows us to backtrack and write
the gcd(a,b) as a linear combination of a and b.
 Extended Euclidean
Algorithm
Given a,b, solve for a.x + b.y=d, to determine the values of x & y. Let a=12345, b=11111, be the two integers,
we have already calculated gcd(12345,11111)=1, so we can write:
gcd(12345, 11111)=1=n*12345 + s*11111,
The problem is to determine the values of n & s ???

From the last line that reveals GCD

From our previous example of
Euclidean algorithm
From d
1=5 – 4*1
a. 12345 = 1*11111 + 1234
Substitute value of the remainder 4 from (c)
b. 11111 = 9*1234 + 5
1=5 – (1234 – 246*5)*1
c. 1234 = 246*5 + 4
1=247*5 -1234
d. 5 = 1*4 + 1
Substitute value of the remainder 5 from (b)
e. 4 = 4*1 + 0
1=247*(11111- 9*1234) -1234
1=247*11111 - 2224*1234
Substitute value of the remainder 1234 from (a)
1=247*11111 - 2224*(12345 – 1*11111)
1=2471*11111 – 2224*12345
 Finding Multiplicative
Inverse (a-1)

How to find?

1. Use the Extended Euclidean Algorithm to find integers s and t, such that a*s +
n*t=1
2. a-1≡ s mod n
From last slide
1=(– 2224)*12345 + (2471)*11111
Verification:
S=-2224, t= 2471
a * a-1≡1 mod 11111
a-1 ≡ s mod n 12345 *8887≡1 mod 11111
-2224≡ (-1)(11111) + 8887
a-1=8887
 Cryptanalysis of the
Affine Cipher (1)
Consider the Cipher-text:

Frequency occurrences of each letter

R D E,H,K F,V P,S A,L,M,U,X B,N,O,Y C,G,I,J,Q,T,W,Z
8 6 5 4 3 2 1 0 57

Hypothesis 1
R is encryption of e eK(4) = 17
D is encryption of t eK(19) = 3
Recall that , ek(x)=a*x + b, thus
4a + b=17 a=6 in Z26
19a + b=3 B=19

gcd(a,m)=gcd(6,26)=2>1 iIlegal key Cont…….

 Cryptanalysis of the
Affine Cipher (2)
Consider the Cipher-text:

Frequency occurrence of each letter

R D E,H,K F,V P,S A,L,M,U,X B,N,O,Y C,G,I,J,Q,T,W,Z
8 6 5 4 3 2 1 0 57

Hypothesis 2
R is encryption of e eK(4) = 17
E is encryption of t eK(19) = 4
Recall that , ek(x)=a*x + b, thus
4a + b=17 a=13 in Z26
19a + b=4 b=17

gcd(a,m)=gcd(13,26)=13>1 iIlegal key

 Cryptanalysis of the
Affine Cipher (3)
Consider the Cipher-text:

Frequency occurrence of each letter

R D E,H,K F,V P,S A,L,M,U,X B,N,O,Y C,G,I,J,Q,T,W,Z
8 6 5 4 3 2 1 0 57

Hypothesis 3
R is encryption of e eK(4) = 17
H is encryption of t eK(19) = 7
Recall that , ek(x)=a*x + b, thus
4a + b=17 a=8 in Z26
19a + b=7 b=11

gcd(a,m)=gcd(8,26)=2>1 iIlegal key

 Cryptanalysis of the
Affine Cipher (4)
Consider the Cipher-text:

Frequency occurrence of each letter

R D E,H,K F,V P,S A,L,M,U,X B,N,O,Y C,G,I,J,Q,T,W,Z
8 6 5 4 3 2 1 0 57
Hypothesis 4
R is encryption of e eK(4) = 17 4a + b=17 a=3 in Z26
K is encryption of t eK(19) = 10 19a + b=10 b=5

gcd(a,m)=gcd(3,26)=1 Looks a legal key Key=K(3,5)

Verify 3-1 mod 26=9 The decryption function dk(y)=9*y - 9

The ciphertext is:
Algorithmsarequitegeneraldefinitionsofarithmeticprocesses
Quiz 1
• Cryptanlyze this cipher and tell the key:
• WNAJW
Assignment 1
• FMXVEDKAPHFERNDKRXRSREFMORUDSDKDVSHVUFEDKAPRK
DLYEVLRHHRH
• Is the cipher text prepared using affine cipher in Z26.
• Recover the key and the plain text.